2168 matches found
SUSE-SU-2023:0328-1 Security update for rubygem-globalid
This update for rubygem-globalid fixes the following issues: - CVE-2023-22799: Fixed ReDoS vulnerability (bsc#1207587)...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-activesupport-5_1 (SUSE-SU-2023:0275-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0275-1 advisory. - A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2023:0276-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0276-1 advisory. - A denial of service vulnerability in the Range header parsing component of Rack = 1.5.0. A carefully crafted input...
SUSE-SU-2023:0276-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary (bsc#1207597). - CVE-2022-44571: Fixed a potential denial of service when parsing a Range header (bsc#1207599). - CVE-2022-44572: Fixed a potential...
SUSE-SU-2023:0275-1 Security update for rubygem-activesupport-5_1
This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2023-22796: Fixed a potential denial of service when passing a crafted input to the underscore method due to an inefficient regular expression (bsc#1207454)...
Fedora: Security Advisory for rubygem-git (FEDORA-2023-e3985c2b3b)
The remote host is missing an update for the...
Fedora 37 : rubygem-git (2023-e3985c2b3b)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e3985c2b3b advisory. CVE-2022-47318 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this iss...
CVE-2023-22795
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...
CVE-2023-22792
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the Action Dispatch module. By sending specially-crafted cookies with an X_FORWARDED_HOST header, a remote attacker could exploit...
CVE-2022-44566
A flaw was found in the rubygem-activerecord. RubyGem's ActiveRecord is vulnerable to a denial of service caused by a flaw in the PostgreSQL adapter. By sending a specially-crafted request, a remote attacker can cause a slow sequential scan, resulting in a denial of service...
CVE-2023-22794
A flaw was found in RubyGem's activerecord gem, which is vulnerable to SQL injection. This flaw allows a remote attacker to send specially-crafted SQL statements to the comments, allowing the attacker to view, add, modify, or delete information in the back-end database...
CVE-2023-22799
A flaw was found in rubygem-globalid. RubyGem's GlobalID gem is vulnerable to a denial of service issue caused by a regular expression denial of service (ReDoS) flaw in the model name parsing. By sending a specially-crafted regex input, a remote attacker can cause a denial of service...
CVE-2023-22796
A flaw was found in rubygem-activesupport. RubyGem's activesupport gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in Inflector.underscore. By sending a specially-crafted regex input, a remote attacker can use large amounts of CPU and memory,...
CVE-2022-44572
A flaw was found in rubygem-rack. Rack is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the multipart parsing component. By sending a specially-crafted input, a remote attacker can cause a denial of service...
CVE-2022-44570
A flaw was found in rubygem-rack. Rack is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the Rack::Utils.get_byte_ranges function. By sending a specially-crafted regex input, a remote attacker can cause a denial of service...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-websocket-extensions (SUSE-SU-2023:0127-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0127-1 advisory. - websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser ma...
SUSE-SU-2023:0127-1 Security update for rubygem-websocket-extensions
This update for rubygem-websocket-extensions fixes the following issues: - CVE-2020-7663: Fixed an excessive resource consumption when parsing crafted message headers sent by an attacker (bsc#1172445)...
rubygem-rack security vulnerability
rubygem-rack is an application in the rubygems open source. Rubygem-rack has a security vulnerability that stems from a denial of service in Content-Disposition parsing...
rubygem-globalid security vulnerability
rubygem-globalid is an application of rubygems open source. A security vulnerability exists in rubygem-globalid. An attacker exploited the vulnerability to perform a regular expression denial of service attack...
rubygem-actionpack security vulnerability
actionpack is a simple, time-tested convention for building and testing MVC web applications. Works on any rack-compatible server. A security vulnerability exists in rubygem-actionpack. An attacker exploited the vulnerability to perform a denial-of-service attack...